author | Douwe Maan <douwe@gitlab.com> | 2016-08-08 17:47:05 +0000 |
---|---|---|
committer | Douwe Maan <douwe@gitlab.com> | 2016-08-08 17:47:05 +0000 |
commit | 15b1bf845b7a05b05e4e7b1d41ace829ae48f1dc (patch) | |
tree | ee6b17393f2bf42c350eb6516c0baf6e594867cf | |
parent | d668b145a1b2619e60586b6009390949fb363250 (diff) | |
parent | 427c9f0b5b5f6f0c242e75a98dca2434a27945d8 (diff) | |
Merge branch 'revert-host-header-overwrite' into 'master'
Revert "Defend against 'Host' header injection"
We reverted this in omnibus but forgot to do it in the source NGINX template.
See merge request !5706
-rw-r--r-- | lib/support/nginx/gitlab | 7 | ||||
-rw-r--r-- | lib/support/nginx/gitlab-ssl | 7 |
2 files changed, 2 insertions, 12 deletions
diff --git a/lib/support/nginx/gitlab b/lib/support/nginx/gitlab
index 4a4892a2e07..d521de28e8a 100644
--- a/lib/support/nginx/gitlab
+++ b/lib/support/nginx/gitlab
@@ -49,12 +49,7 @@ server {
 proxy_http_version 1.1;
- ## By overwriting Host and clearing X-Forwarded-Host we ensure that
- ## internal HTTP redirects generated by GitLab always send users to
- ## YOUR_SERVER_FQDN.
- proxy_set_header Host YOUR_SERVER_FQDN;
- proxy_set_header X-Forwarded-Host "";
-
+ proxy_set_header Host $http_host;
 proxy_set_header X-Real-IP $remote_addr;
 proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
 proxy_set_header X-Forwarded-Proto $scheme;
diff --git a/lib/support/nginx/gitlab-ssl b/lib/support/nginx/gitlab-ssl
index 0b93d7f292f..bf014b56cf6 100644
--- a/lib/support/nginx/gitlab-ssl
+++ b/lib/support/nginx/gitlab-ssl
@@ -93,12 +93,7 @@ server {
 proxy_http_version 1.1;
- ## By overwriting Host and clearing X-Forwarded-Host we ensure that
- ## internal HTTP redirects generated by GitLab always send users to
- ## YOUR_SERVER_FQDN.
- proxy_set_header Host YOUR_SERVER_FQDN;
- proxy_set_header X-Forwarded-Host "";
-
+ proxy_set_header Host $http_host;
 proxy_set_header X-Real-IP $remote_addr;
 proxy_set_header X-Forwarded-Ssl on;
 proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; |
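Review bot: The added `proxy_set_header Host $http_host;` forwards the client-supplied Host value to GitLab with no comment saying so, and the same line is added in the second hunk for lib/support/nginx/gitlab-ssl. Because the `X-Forwarded-Host ""` line is removed as well, a client-sent X-Forwarded-Host is presumably passed through unchanged, since nginx proxies request headers it is not told to override. The deleted comment was the only place the template explained the redirect-host concern, so the new line should carry a replacement such as `## Host is taken from the client request; GitLab must build redirects and links from its own configured hostname, and requests for unknown hosts should be caught by a separate default server.` Whether a `server_name` match already limits which Host values reach this block cannot be seen here, as the `server {` block starts and ends outside both hunks. If clearing X-Forwarded-Host was not the part that made the revert necessary, keeping `proxy_set_header X-Forwarded-Host "";` would retain part of the original defence.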